1 post in archive

Unfolding obfuscated code with Reven (part 2)

25 Jan 2017 by tdta - Technical - Reverse Engineering Deobfuscation ctf REVEN

Last time, by abstracting the runtime effect of the first virtual machine, we have reduced the challenge to a simpler but semantically equivalent program. Its control flow graph has a unique entry point as the basic block starting at 0x402048, whereas ones at 0x4023d4 and at 0x40266e are exit points...